From owner-freebsd-questions@FreeBSD.ORG Sun Aug 26 06:33:26 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF83816A419 for ; Sun, 26 Aug 2007 06:33:26 +0000 (UTC) (envelope-from redchin@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.235]) by mx1.freebsd.org (Postfix) with ESMTP id B62B213C45A for ; Sun, 26 Aug 2007 06:33:26 +0000 (UTC) (envelope-from redchin@gmail.com) Received: by nz-out-0506.google.com with SMTP id l8so769653nzf for ; Sat, 25 Aug 2007 23:33:25 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=qf/JcpOjNsn+OrUoJkj+oVcNa0s/M7IR6kItx4IS8qkVrVy0ctQ5tCYIkkr69rLGjb3pY1f7afLRgzfQunbMQx9E/X6x67jo4e4XqCnJVFkwnLaSn/dg+3vbSpgigeEQlvExFT+oaW+5qNqi33KXWsheR7DBo7mrX/dtf93QADU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=n1Jznhfyu04XndNJp8Rgq0p6GbcNWBWaYVaQOHr8pknmnTD/Sb40V+F05IiEAdtmDuJ5eRR0bxJoNfv6wehx1XNo+P8rk049vwIKjkQIVAzfnhjjds26K7XI57uFEfmhkzkT4npTKVw19aqodtNjBzFz+1QWUmgXR7Jx5L7eL8E= Received: by 10.142.72.21 with SMTP id u21mr454736wfa.1188110005116; Sat, 25 Aug 2007 23:33:25 -0700 (PDT) Received: by 10.142.215.6 with HTTP; Sat, 25 Aug 2007 23:33:25 -0700 (PDT) Message-ID: <1d3ed48c0708252333k55f55120n689ab811fa0a8230@mail.gmail.com> Date: Sat, 25 Aug 2007 23:33:25 -0700 From: "Kevin Downey" To: "CyberLeo Kitsana" In-Reply-To: <46D11D24.4070206@cyberleo.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20070826013636.GC25055@dan.emsphone.com> <46d10500.1ebc720a.304c.1e2f@mx.google.com> <1d3ed48c0708252238u1f1adfdfpa69af42b5796c36b@mail.gmail.com> <46D11D24.4070206@cyberleo.net> Cc: Dan Nelson , amin.scg@gmail.com, FreeBSD Questions Subject: Re: How to block 200K ip addresses? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Aug 2007 06:33:27 -0000 On 8/25/07, CyberLeo Kitsana wrote: > Kevin Downey wrote: > > I would use the pf firewall, it has an option to file tables from a file like: > > > > table persist file "/root/evil.txt" > > > > kpd@zifnab /root% wc -l evil.txt > > 178438 evil.txt > > > > so its not 300k lines but it takes seconds to load. > > I attempted something similar with a digest of a PeerGuardian database > reworked with tableutil-0.6. The resultant file had 157,546 subnet > declarations in it. > > When I attempted to populate a pf table with the file on 6.2-RELEASE, it > thought about it for a few seconds, then happily reported: > > pfctl: Cannot allocate memory. > > I never pared it down to see where the actual limit was for my hardware, > though, as a partial PeerGuardian list is pretty much useless. > > -- > Fuzzy love, > -CyberLeo > Technical Administrator this machine is amd64 so perhaps the extra address space? I dunno, evil.txt is infact more or less the peerguardian list and it loads. -- I am the kwisatz haderach